IS3445 CHAP 8 SECURING WEB APPLICATIONS Flashcards
___ is a block cipher encryption standard that creates keys from 128 bits to 256 bits in length. AKA Rijndael.
(AES) Advanced Encryption Standard
___ is an input validation mechanism on the client side using the client browser.
Client-side validation
___ is backtracking up a directory path using "../" or dot-dot-slash to access areas not intended to be accessible.
Canonicalization attacks
___ is an encryption standard using a 56-bit key encryption method.
(DES) Data encryption standard
___ is a small electronic file that serves to validate or encrypt a message or browser session. These are often used to create a digital signature, which offers non-repudiation of a user or a Web site.
Digital certificate
___ is an access control method in which access is not forced by the administrator or the operating system; rather, access is controlled by the information's owner.
(DAC) Discretionary access control
___ is security measures such as firewalls, IDSs, and antivirus solutions installed directly on a client system.
Host-based security
___ is an access control mechanism in which access is controlled and dictated by the network administrator.
(MAC) Mandatory access control
___ is a family of secret key cryptographic algorithms from RSA Security, Inc.
Rivest Cipher
___ A formal document from the Internet Engineering Task Force (IETF) that is the result of committee drafting and revision of a technical document.
(RFC) Request for Comments
___ An access control mechanism in which access decisions are determined by the roles that individual users have as part of an organization.
Role based access control
___ An access control mechanism in which access to objects is controlled according to established rules.
Rule based access control
___ is the process of planning, designing, creating, testing, deploying, and maintaining software.
(SDLC) Software development life cycle
___ is the special type of access control list that monitors attempts to get into secured objects on a system.
(SACL) System access control list
___ is an encryption method that uses three 56-bit encryption keys.
(3DES) Triple Data Encryption Standard
- SFTP is a secure version of FTP.
TRUE OR FALSE
TRUE
- You are the administrator of a large network. The network has several groups of users, including students, administrators, developers, and front-end staff. Each user on the network is assigned network access depending on his or her job in the organization. Which access control method is being used?
- Discretionary access control
- Role based access control
- Rule based access control
- Mandatory access control
Role based access control
- Discretionary access control uses an access control list to determine access.
TRUE OR FALSE
TRUE
- As a network administrator, you are concerned with the clear-text transmission of sensitive data on the network. Which of the following protocols are used to help secure communications? (Select two)
- FTPv2
- SCP
- SSL
- SNMP
SCP
SSL
- As part of the network's overall security strategy, you want to establish an access control method in which the owner decides who can and who cannot access the information. Which type of access control method is being described?
- Mandatory access control
- Role based access control
- Discretionary access control
- Rule based access control
Discretionary access control
- ___ and HTTP are combined to secure online transactions.
Secure Sockets Layer or SSL
- Mandatory access control secures information and resources by assigning sensitivity labels on objects and comparing this to the level of sensitivity a user is assigned.
TRUE OR FALSE
TRUE
- ___, AKA Rijndael, is a block cipher encryption standard. It can create keys from 128 bits to 256 bits in length.
Advanced Encryption Standard (AES)
- As a network administrator, you have configured your company's firewall to allow remote users access to the network only between the hours of 1:00 p.m. and 4:00 p.m. Which type of access control method is being used?
- Discretionary access control
- Role based access control
- Mandatory access control
- Rule based access control
Rule based access control
- You are concerned about the integrity of messages sent over your HTTP connection. You use HTTPS to secure the communication. Which of the following are hashing protocols used with SSL to provide security? (Select two)
- IPSec
- SHA1
- MD5
- SFTP
SHA1
MD5
- A malicious user can insert tags into your Web pages, creating interactive content designed to steal information from your users.
TRUE OR FALSE
TRUE
- Authorization is any process by which you verify that someone is who they claim they are.
TRUE OR FALSE
FALSE